Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 48ac8712 authored by Rubin Xu's avatar Rubin Xu Committed by Automerger Merge Worker
Browse files

Merge "Only enforce secure FRP mode when in setup wizard" into rvc-dev am: c8983dbe 

Change-Id: I2f3197af787604385fc58f500ac47bb2f6709ff2
parents 0a641bcb c8983dbe

services/core/java/com/android/server/locksettings/LockSettingsService.java

+8 −3
Original line number Diff line number Diff line
@@ -1016,9 +1016,14 @@ public class LockSettingsService extends ILockSettings.Stub { 
    }



    private void enforceFrpResolved() {

        if (mInjector.settingsSecureGetInt(mContext.getContentResolver(),

                Settings.Secure.SECURE_FRP_MODE, 0, UserHandle.USER_SYSTEM) == 1) {

            throw new SecurityException("Cannot change credential while FRP is not resolved yet");

        final ContentResolver cr = mContext.getContentResolver();

        final boolean inSetupWizard = mInjector.settingsSecureGetInt(cr,

                Settings.Secure.USER_SETUP_COMPLETE, 0, UserHandle.USER_SYSTEM) == 0;

        final boolean secureFrp = mInjector.settingsSecureGetInt(cr,

                Settings.Secure.SECURE_FRP_MODE, 0, UserHandle.USER_SYSTEM) == 1;

        if (inSetupWizard && secureFrp) {

            throw new SecurityException("Cannot change credential in SUW while factory reset"

                    + " protection is not resolved yet");

        }

    }

services/tests/servicestests/src/com/android/server/locksettings/FakeSettings.java

+9 −0
Original line number Diff line number Diff line
@@ -23,6 +23,7 @@ public class FakeSettings { 


    private int mDeviceProvisioned;

    private int mSecureFrpMode;

    private int mUserSetupComplete;



    public void setDeviceProvisioned(boolean provisioned) {

        mDeviceProvisioned = provisioned ? 1 : 0;
@@ -32,6 +33,10 @@ public class FakeSettings { 
        mSecureFrpMode = secure ? 1 : 0;

    }



    public void setUserSetupComplete(boolean complete) {

        mUserSetupComplete = complete ? 1 : 0;

    }



    public int globalGetInt(String keyName) {

        switch (keyName) {

            case Settings.Global.DEVICE_PROVISIONED:
@@ -46,6 +51,10 @@ public class FakeSettings { 
        if (Settings.Secure.SECURE_FRP_MODE.equals(keyName) && userId == UserHandle.USER_SYSTEM) {

            return mSecureFrpMode;

        }

        if (Settings.Secure.USER_SETUP_COMPLETE.equals(keyName)

                && userId == UserHandle.USER_SYSTEM) {

            return mUserSetupComplete;

        }

        return defaultValue;

    }

}

services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java

+10 −1
Original line number Diff line number Diff line
@@ -417,7 +417,8 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 
    }



    @Test

    public void testCredentialChangeNotPossibleInSecureFrpMode() {

    public void testCredentialChangeNotPossibleInSecureFrpModeDuringSuw() {

        mSettings.setUserSetupComplete(false);

        mSettings.setSecureFrpMode(true);

        try {

            mService.setLockCredential(newPassword("1234"), nonePassword(), PRIMARY_USER_ID);
@@ -425,6 +426,14 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 
        } catch (SecurityException e) { }

    }



    @Test

    public void testCredentialChangePossibleInSecureFrpModeAfterSuw() {

        mSettings.setUserSetupComplete(true);

        mSettings.setSecureFrpMode(true);

        assertTrue(mService.setLockCredential(newPassword("1234"), nonePassword(),

                PRIMARY_USER_ID));

    }



    private void testCreateCredential(int userId, LockscreenCredential credential)

            throws RemoteException {

        assertTrue(mService.setLockCredential(credential, nonePassword(), userId));